@mknapik
Created May 12, 2020 17:59
AWS SSO to AWS1 credentials procedure
# https://taskfile.dev
version: '2'

vars:
  AWS_SSO_URL: "https://EXAMPLE.awsapps.com/start/"
  AWS_REGION: us-east-1
  AWS_PROFILE: your-profile-name
  # Placeholder; quoted so an account ID with a leading zero survives YAML parsing.
  AWS_ACCOUNT_ID: "1111111111111"
  AWS_ROLE: your-role

tasks:
  aws:sso:configure:
    cmds:
      # Feed the answers to the interactive `aws configure sso` prompts.
      - |-
        printf "{{.AWS_SSO_URL}}\n{{.AWS_REGION}}\n{{.AWS_REGION}}\n\n" |
          aws configure sso --profile={{.AWS_PROFILE}}
    silent: true
    status:
      # Up to date when the profile already points at this start URL.
      - pcregrep -M "\[profile {{.AWS_PROFILE}}\]\nsso_start_url = {{.AWS_SSO_URL}}" ~/.aws/config

  aws:sso:login:
    deps: [aws:sso:configure]
    cmds:
      - aws sso login
    status:
      # Up to date when the SSO session still authorizes an API call.
      - aws s3 ls
    env:
      AWS_PROFILE: "{{.AWS_PROFILE}}"

  aws:login:
    desc: 'Log in to AWS'
    deps: [aws:sso:login]
    cmds:
      # Exchange the cached SSO access token for role credentials and write them
      # as static keys into {{.AWS_PROFILE}} and {{.AWS_PROFILE}}-aws1.
      # The token lookup assumes exactly one non-botocore file in ~/.aws/sso/cache.
      # The keys land in plaintext in the AWS CLI credentials file.
      - |-
        JSON=$(
          aws sso get-role-credentials \
            --role-name={{.AWS_ROLE}} \
            --account-id={{.AWS_ACCOUNT_ID}} \
            --access-token="$(cat ~/.aws/sso/cache/$(ls ~/.aws/sso/cache | grep -v botocore) | jq -r '.accessToken')" \
          | jq -r '.roleCredentials'
        )
        aws configure set aws_access_key_id "$(echo "$JSON" | jq -r '.accessKeyId')"
        aws configure set aws_secret_access_key "$(echo "$JSON" | jq -r '.secretAccessKey')"
        aws configure set aws_session_token "$(echo "$JSON" | jq -r '.sessionToken')"
        aws --profile={{.AWS_PROFILE}}-aws1 configure set region {{.AWS_REGION}}
        aws --profile={{.AWS_PROFILE}}-aws1 configure set aws_access_key_id "$(echo "$JSON" | jq -r '.accessKeyId')"
        aws --profile={{.AWS_PROFILE}}-aws1 configure set aws_secret_access_key "$(echo "$JSON" | jq -r '.secretAccessKey')"
        aws --profile={{.AWS_PROFILE}}-aws1 configure set aws_session_token "$(echo "$JSON" | jq -r '.sessionToken')"
    silent: true
    status:
      - aws --profile={{.AWS_PROFILE}}-aws1 s3 ls
    env:
      AWS_PROFILE: "{{.AWS_PROFILE}}"

  aws:ecr:login:
    desc: 'Log in to ECR'
    deps: [aws:sso:login]
    cmds:
      # The registry password is piped on stdin, never placed on the command line.
      - |-
        account_id=$(grep "\[profile {{.AWS_PROFILE}}\]" -A 5 ~/.aws/config | grep sso_account_id | cut -d ' ' -f 3)
        aws ecr get-login-password | docker login --username AWS --password-stdin ${account_id}.dkr.ecr.{{.AWS_REGION}}.amazonaws.com
    silent: true
    env:
      AWS_PROFILE: "{{.AWS_PROFILE}}"
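
The `aws:login` task finds the access token with `ls ~/.aws/sso/cache | grep -v botocore`, which misbehaves when the cache holds more than one token file or only an expired one. As an added example (not part of the gist), the Python below selects the unexpired token for a given start URL; the cache field names (`startUrl`, `accessToken`, `expiresAt`), the two timestamp formats and the helper names `parse_expiry` and `find_sso_token` are assumptions, and the cache contents in `demo` are constructed.

```python
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def parse_expiry(value):
    # Assumed formats: "2020-05-13T01:59:00Z" or "2020-05-13T01:59:00UTC".
    cleaned = value.replace("UTC", "Z").rstrip("Z")
    return datetime.fromisoformat(cleaned).replace(tzinfo=timezone.utc)


def find_sso_token(cache_dir, start_url, now=None):
    """Return the access token cached for start_url, or None if absent or expired."""
    now = now or datetime.now(timezone.utc)
    best = None
    for path in sorted(Path(cache_dir).glob("*.json")):
        try:
            entry = json.loads(path.read_text())
            expires = parse_expiry(entry["expiresAt"])
            token = entry["accessToken"]
        except (ValueError, KeyError, TypeError, AttributeError, OSError):
            continue  # client registration files and junk carry no usable token
        if str(entry.get("startUrl", "")).rstrip("/") != start_url.rstrip("/"):
            continue  # token belongs to a different SSO portal
        if expires > now and (best is None or expires > best[0]):
            best = (expires, token)  # keep the longest-lived valid token
    return best[1] if best else None


def demo():
    # Constructed cache contents; URLs and token values are placeholders.
    url = "https://EXAMPLE.awsapps.com/start/"
    files = {
        "botocore-client-id-us-east-1.json": {"clientId": "c", "clientSecret": "s", "expiresAt": "2030-01-01T00:00:00UTC"},
        "aaaa.json": {"startUrl": url, "accessToken": "stale", "expiresAt": "2020-05-12T17:00:00UTC"},
        "bbbb.json": {"startUrl": url, "accessToken": "fresh", "expiresAt": "2020-05-13T01:59:00Z"},
        "cccc.json": {"startUrl": "https://OTHER.awsapps.com/start", "accessToken": "other", "expiresAt": "2020-05-13T05:00:00Z"},
    }
    now = datetime(2020, 5, 12, 18, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            Path(d, name).write_text(json.dumps(body))
        return find_sso_token(d, url, now), find_sso_token(d, "https://none.example/start", now)
```

A `None` result means `aws sso login` has to run again before role credentials can be requested.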

mknapik commented May 12, 2020

Usage:

> task aws:login
task: Task "aws:sso:configure" is up to date
aws sso login
Attempting to automatically open the SSO authorization page in your default browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

https://device.sso.us-east-1.amazonaws.com/

Then enter the code:

XXXX-XXXX
Successully logged into Start URL: https://EXAMPLE.awsapps.com/start/
task: Task "aws:login" is up to date
